Puppet module file paths
```bash
mkdir -pv /etc/puppet/modules/{openjdk,nginx,tomcat,mariadb}/{manifests,files,templates,lib,tests,spec}
cd /etc/puppet/modules
```
The openjdk module
```puppet
# vim openjdk/manifests/init.pp
class openjdk($version='1.8.0') {
  # Braces keep the interpolated variable name from absorbing the "-openjdk" suffix.
  package { "java-${version}-openjdk-devel":
    ensure => installed,
  }
  file { 'javahome':
    ensure => file,
    path   => '/etc/profile.d/javahome.sh',
    source => 'puppet:///modules/openjdk/javahome.sh',
  }
}
```
The file that sets the Java home path
```bash
# vim /etc/puppet/modules/openjdk/files/javahome.sh
export JAVA_HOME=/usr
```
puppet apply -v -e 'include openjdk'
This step finishes providing openjdk.
The Tomcat service module
```puppet
# vim tomcat/manifests/init.pp
class tomcat {
  package { 'tomcat':
    ensure => installed,
  } ->
  service { 'tomcat':
    ensure  => running,
    enable  => true,
    restart => '/usr/bin/systemctl restart tomcat',
  }
}

class tomcat::tomcatweb inherits tomcat {
  package { 'tomcat-webapps':
    ensure => installed,
  }
  package { 'tomcat-admin-webapps':
    ensure => installed,
  }
  # Override the inherited service so it restarts when either webapp package changes.
  Service['tomcat'] {
    subscribe => [ Package['tomcat-webapps'], Package['tomcat-admin-webapps'] ],
  }
}
```
puppet apply -v -e 'include tomcat::tomcatweb'
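After this step completes, you can open a browser at http://ip:8080 to view the page.
Use facter to list all the variables (facts) it supports.
Variable substitution embedded in text files (templates):
<%= @VARIABLE_NAME %>
Getting the package and configuration files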
Get the default.conf configuration file and change it to proxy to Tomcat
```bash
cd /etc/puppet/modules/nginx/files
cp /etc/nginx/conf.d/default.conf ./
sed -i 's@.*/usr/share/nginx/html;@proxy_pass http://127.0.0.1:8080;@' default.conf
```
Get the nginx.conf.erb template and set the number of worker processes equal to the number of CPUs
```bash
cd ../templates/
cp /etc/nginx/nginx.conf ./nginx.conf.erb
sed -i 's@worker_processes.*@worker_processes <%= @processorcount %>;@' nginx.conf.erb
```
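The Nginx server module
```puppet
# vim nginx/manifests/init.pp
class nginx {
  # Stage the RPM on the node. The source line is missing from the original
  # listing; it is assumed here that the RPM was placed in nginx/files/.
  file { 'nginxpkg':
    ensure => file,
    path   => '/tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm',
    source => 'puppet:///modules/nginx/nginx-1.10.2-1.el7.ngx.x86_64.rpm',
  } ->
  # Install the staged RPM unless nginx is already installed. The command line
  # is also missing from the original listing and is an assumption.
  exec { 'nginx':
    command => '/usr/bin/rpm -ivh /tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm',
    unless  => '/usr/bin/rpm -q nginx',
    user    => 'root',
  } ->
  file { 'nginx.conf':
    ensure  => file,
    path    => '/etc/nginx/nginx.conf',
    content => template('nginx/nginx.conf.erb'),
    require => Exec['nginx'],
  }
  service { 'nginx':
    ensure  => running,
    enable  => true,
    restart => '/usr/sbin/nginx -s reload',
  }
}

class nginx::proxy inherits nginx {
  file { 'default.conf':
    ensure  => file,
    path    => '/etc/nginx/conf.d/default.conf',
    source  => 'puppet:///modules/nginx/default.conf',
    require => Exec['nginx'],
  }
  # Reload nginx whenever either configuration file changes.
  Service['nginx'] {
    subscribe => [ File['nginx.conf'], File['default.conf'] ],
  }
}
```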
puppet apply -v -e 'include nginx::proxy'
This step sets up the Nginx reverse proxy; you can open a browser at http://ip to view the page.
The database node module
```puppet
# vim mariadb/manifests/init.pp
class mariadb {
  package { 'mariadb-server':
    ensure => installed,
  } ->
  service { 'mariadb':
    ensure  => running,
    enable  => true,
    # yum has no "restart" subcommand; the service is restarted through systemctl.
    restart => '/usr/bin/systemctl restart mariadb.service',
  }
}
```
puppet apply -v -e 'include mariadb'
Deploying configuration to many nodes
Puppet depends heavily on name resolution. My hosts file looks like this:
```
# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.29.1 centos6.org c6
172.16.29.2 centos7.org c7
172.16.29.10 node1.org n1
172.16.29.20 node2.org n2
172.16.29.30 node3.org n3
172.16.29.40 node4.org n4
```
Master node
Start the server
```bash
systemctl start puppetmaster.service
```
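Add the site manifest
```puppet
# vim /etc/puppet/manifests/site.pp
# This definition matches the single host centos7.org
node 'centos7.org' {
  include nginx::proxy
}
# This definition matches several node hosts. The regex is anchored with ^ and $
# so that only node1.org and node2.org match, not any certname containing them.
node /^node[12]\.org$/ {
  include tomcat::tomcatweb
}
```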
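Puppet matches a regex node name anywhere in the certname unless the pattern is anchored with ^ and $. The following Ruby sketch is an added example, not part of the original post: it lists the regex node definitions in a site.pp and shows which certnames each one would classify. The certnames and the helper names (node_regexes, anchored?, audit) are constructed for illustration.

```ruby
# Added example: find regex node definitions in a site.pp and show which
# certnames each one would classify. All certnames below are constructed.

# Extract the /regex/ node definitions from manifest text.
def node_regexes(manifest)
  manifest.scan(/^\s*node\s+\/(.+?)\/\s*\{/).flatten
end

# A pattern is anchored when it pins both the start and the end of the name.
def anchored?(pattern)
  pattern.start_with?('^', '\A') && pattern.end_with?('$', '\z', '\Z')
end

# Return { pattern => { anchored:, matches: [...] } } for the given certnames.
def audit(manifest, certnames)
  node_regexes(manifest).each_with_object({}) do |pat, report|
    re = Regexp.new(pat)
    report[pat] = {
      anchored: anchored?(pat),
      matches: certnames.select { |name| re.match?(name) }
    }
  end
end

# Constructed manifest: the same node definition, unanchored and anchored.
SITE_PP = <<'PP'
node 'centos7.org' {
  include nginx::proxy
}
node /node[12]\.org/ {
  include tomcat::tomcatweb
}
node /^node[12]\.org$/ {
  include tomcat::tomcatweb
}
PP

# Constructed certnames: the two intended nodes plus look-alike names.
CERTNAMES = %w[node1.org node2.org node3.org xnode1.org node2.org.example.net]

REPORT = audit(SITE_PP, CERTNAMES)
REPORT.each do |pat, r|
  flag = r[:anchored] ? 'anchored  ' : 'UNANCHORED'
  puts "#{flag} /#{pat}/ -> #{r[:matches].join(', ')}"
end
```

Running the audit against the certnames from `puppet cert list --all` before signing new requests shows whether a pending name would pick up a class it was never meant to receive.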
On the agent nodes, start the agent
```bash
puppet agent --server node3.org -v
```
On the master, view the certificates
On the master, sign the certificates
```bash
puppet cert sign centos7.org
puppet cert sign node1.org
puppet cert sign node2.org
```
On the agent nodes, run the agent again
```bash
puppet agent --server node3.org -v
```
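To make an agent node always connect to the master automatically, add one line to the agent section
```
# vim /etc/puppet/puppet.conf
# The setting that names the master is "server", as in the agent sections further down.
server = node3.org
```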
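Multi-environment configuration
Multiple environments means, for example, that a company has three environments: one where developers test their own programs, one where testers test the programs, and one that serves the business. Each environment may be configured differently, so here we use Puppet to provide three different environments.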
On the master node node3, create the files and directories the environments need
```bash
cd /etc/puppet
mkdir -pv environments/{production,development,testing}/{manifests,modules}
cp -a modules/* environments/production/modules/
cp -a modules/* environments/development/modules/
cp -a modules/* environments/testing/modules/
# Modules under /etc/puppet/modules/ are still used by every environment,
# so write modules flexibly.
```
On the master node node3, add the following to the main section and restart puppetmaster
```
# vim /etc/puppet/puppet.conf
environmentpath = $confdir/environments
```
```bash
systemctl restart puppetmaster.service
```
On the master node, define which modules each node installs
```puppet
# vim environments/production/manifests/site.pp
node 'node2.org' {
  include nginx::proxy
}

# vim environments/development/manifests/site.pp
node 'node2.org' {
  include openjdk
  include tomcat::tomcatweb
}

# vim environments/development/manifests/site.pp
node 'node1.org' {
  include openjdk
  include tomcat::tomcatweb
}

# vim environments/testing/manifests/site.pp
node 'centos7.org' {
  include mariadb
}
```
On node2, add the following to the agent section and start the agent
```
# vim /etc/puppet/puppet.conf
# Point at the master node
server = node3.org
listen = true
```
```bash
systemctl start puppetagent.service
```
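After installation the node listens only on port 80, which shows that the production environment was used. With the development environment it would listen on 80 and 8080.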
On node1, add the following to the agent section and start the agent
```
# vim /etc/puppet/puppet.conf
# Point at the master node
server = node3.org
listen = true
environment = development
```
```bash
systemctl start puppetagent.service
```
On centos7, add the following to the agent section and start the agent
```
# vim /etc/puppet/puppet.conf
# Point at the master node
server = node3.org
listen = true
environment = testing
```
```bash
systemctl start puppetagent.service
```
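Using puppet kick
So far, Puppet has worked by having the agent request data from the master, once every 30 minutes. In an emergency, when production needs to be changed immediately, we use kick: the master actively notifies the agent to fetch its configuration.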
On the agent node node2, add an authentication stanza before the path / stanza
```
# vim /etc/puppet/auth.conf
path /run
method save
auth any
allow node3.org
```
On the agent node node2, enable listening in the agent section
```
# vim /etc/puppet/puppet.conf
[agent]
listen = true
server = node3.org
```
On the master node, edit the manifest
```puppet
# vim environments/production/manifests/site.pp
node 'node2.org' {
  include nginx::proxy
  include mariadb
}
```
Push from the master node
node2 now also listens on 3306.
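The /run stanza above decides who may trigger a run on the agent: `auth any` applies the stanza to requests with or without a verified client certificate, while `auth yes` limits it to verified ones. The following Ruby sketch is an added example, not part of the original post: it parses auth.conf-style text and reviews the /run stanza. The sample text and the helper names (parse_stanzas, review_run_acl) are constructed for illustration.

```ruby
# Added example: parse auth.conf-style stanzas and review the /run ACL.
# AUTH_CONF is constructed: the stanza from this page plus a catch-all rule.
AUTH_CONF = <<~CONF
  path /run
  method save
  auth any
  allow node3.org

  path /
  auth any
CONF

# Split the text into stanzas; each stanza starts at a "path" line.
def parse_stanzas(text)
  stanzas = []
  text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip
    next if line.empty?
    key, value = line.split(/\s+/, 2)
    if key == 'path'
      stanzas << { 'path' => value, 'allow' => [] }
    elsif stanzas.empty?
      next # directive before any path line: ignore it
    elsif key == 'allow'
      stanzas.last['allow'].concat(value.to_s.split(/\s*,\s*/))
    else
      stanzas.last[key] = value
    end
  end
  stanzas
end

# Return review findings for the kick endpoint (/run); empty means no findings.
def review_run_acl(stanzas)
  run = stanzas.find { |s| s['path'] == '/run' }
  return ['no /run stanza'] if run.nil?
  findings = []
  auth = run.fetch('auth', 'yes') # auth defaults to yes when omitted
  findings << "auth is '#{auth}': unauthenticated requests can match" if %w[any no off].include?(auth)
  findings << 'allow contains a wildcard' if run['allow'].any? { |a| a.include?('*') }
  findings << 'no allow line: nobody may trigger a run' if run['allow'].empty?
  findings
end

FINDINGS = review_run_acl(parse_stanzas(AUTH_CONF))
puts FINDINGS.empty? ? '/run ACL: no findings' : FINDINGS
```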
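Summary
The puppetmaster first provides the modules that the hosts need; each module contains several classes, and the classes define several services. It then assigns different modules to each host so that each provides different services, and hosts can be grouped for configuration. The master can also use kick to actively notify an agent to install specific modules.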